Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  November 2, 2013 12:00am-2:01am EDT

12:00 am
>> hi, thank you for a wonderful, wonderful pam, and, jim, as you know, on "ground hog day," bill murray becomes a better person and gets the girl. [laughter] there is a good ending. last night, too bad there's not more people, but melissa hataway gave a very -- a presentation
12:01 am
about her perspective of where we are on cyber, and she work for the bush administration and the obama administration, and core author of the comprehensive national cybersecurity initiative, which many of you are familiar with, and her plea, what she talked about was she's been at this since 2008, like many of us, and she's been kind of taken aback by the lack of an international strategy that the united states seems to be pursuing, and i think it's intriguing to hear what you have to say, what you guys think as a group. you raised the i.t. issue, sort of like the quiet negotiations that jim's been involved with, but what do you, as a group see, as the best mods -- model for an international set of standards, norms for convention heading towards as part of the information sharing. if you're a fortune 25, you're acting all over the world under a range of information sharing issues, not just the united states. curious to see what the brain
12:02 am
power on the panel thinks. i hope you look at the cyber playbook because many issues raise r raised here are discussed in the there. >> i'm positive about this. remember that keith alexander is an army general, and when he wakes up, he recites the army creed, and the key line is i will never accept defeat; right? i'll never quit; right? he says that it's true that tooth paste dribbles on his chin because he brushes his teeth while he says it. we're going to win; right? it's going to take a long time. if there's a place we make progress, it's on the diplomatic side. the tear rain is changing, though, for a couple reasons, both legal, the agreement, and political. the u.s. has experienced a range of setbacks. our influences diminished. we have a diplomatic strategy. it's not necessarily entirely public, but it is available at the white house website. what's happening, and i think steve touch on this is back, and
12:03 am
i've been trying to remember why we did this. i worked on these issues in the clinton white house, and for some reason, we split them. there's a secure working group and e-commerce working group. i was one of the two crossover people. why did we split them? who knows. they've come back together. there's now issues of cybersecurity and internet govern nans, the itu overlapping considerably. as part of that, you have the control over content issues, and you have the issue of transporter data flows, not helped by the snowden revelations; right? every country has the same reaction. we did too. you know, you'll store data in other country, oh, it's got to be here; right? most countries, actually, that's the opening position. that's the debate we're having now. how do you manage -- we're in a period of transition. we're moving to a world where
12:04 am
cyberspace will be treated like every other space, like the seas or whatever, physical end, and how you manage that transition so that we don't lose key values and yet have a more stable and secure environment will be very difficult. i think we have a strategy. you could say, perhaps, it's not public enough, but there's larger political influences that are busting and will make it more difficult to achieve. >> laura and then leonard. >> so my only point here is in light of the recent revelations, the regard with encryption, standard setting, the high level of sin -- cynicism overseas, there is very serious opposition to what the united states has done overseas. i was in cambridge at the time this summer. it was remarkable the extent to which the anger towards the united states, and we can often forget that when we are here domestically, but the revelations have been a significant setback, i think, towards diplomatic efforts
12:05 am
abroad. now, i think it's just too early to see how that pans out. if it's going to pan out that the united states is able to lead from behind, if it's going to pan out we can regain a leadership position, but we'll see significant fallout internationally on this for some time to come. >> leonard. >> a brief point. i think that, like jim, i'm an optimist. time is op our side here. i think the development of international norms will follow from just the proliferation of the technology so in 1996 when they start the negotiations, it was among countries that had, you know, a certain amount of technological gain already. i think what we're seeing, again, with proliferation everywhere, is that some of the norms that have driven some of the other international doctrinal, you know, advancements will be more possible. you know, people, like i wince when they bring up letters of mark in the cop text, but there are certain types of attitudes
12:06 am
towards hacking and the offensive of spriewding on networks that likely gain purchase and will make it easier to, perhaps, create, you know, international doctrine. >> okay. any other questions? over here. great. >> hi, i'm from the office of army general counsel, and i -- listening to what steven is saying, and i actually agree with you about how it probably no longer suffices for government to just have stale best practices and explay kate the changing threat environments, but laura made an excellent point about cyber distrust between industry and governments, and i add a third corner to that.
12:07 am
the popular push back against this show there's cyber distrust, so even before we get our international cyber grants strategies in line as melissa talked about yesterday, do you have ideas going forward how do get all these stake holders all on the same page? that seems critical before we get everything else going. anyone? >> >> i was hoping those guys would jump in. first of all, they are not the same. the privacy community tried to con flat them because sofa is the third rail. i talked to a republican chairman in the house who got more letters op this issue more than any other last year. >> say what it is. >> what's it stand for smit oh, stop online piracy act; right? where the -- i was about to make
12:08 am
a bad joke. i won't. so it was an act that would have diverted people who were typing in, you know, give me a free version of mickey mouse. it would have diverted them to a website that said, stob, you're violating federal law. it messed with -- messed is a technical term, but messed with dns, a bad idea. it's different. i think conflating them -- this is a -- this is sort of how things work in a democracy and because we are in a politically difficult situation, maybe it's moving a little more slowly, but i do think we're going to be able to bring them around, and when you talk on the hill, five years ago we probably had this experience, five years ago, they said get out of the way, kid, why bother with the cyber stuff? they get it. we're on a path to fix these things. you will have significant objections though, and one of
12:09 am
the things we're not dealing with when i put on the think tank hat what i think is snowden episode, it's not accidental. it's planned, a nonstate actor engaging in information against the u.s.. we have a new kind of opponent, new conflict, we're not doing well in dealing with it right now, and these are things we have to overcome, but i am positive we can overcome them. >> just this part of your question related to developing levs of trust and credibility between all the players in terms of privacy protection. there are models to proceed here, and i have a personal or unique perspective on this. i was appointed by the president in april 2003 to be the first officer for civil rights and civil liberties. it was a first. this had never happened in government position never existed in any government agency
12:10 am
before. on the same day, the secretary pointed the chief privacy officer. we headed out together in this uncharted world trying to figure out what to make of this, and how to develop some traction. we chaired offices, trying to figure out how to, you know, get through the policy world and develop some traction. i have left department of homeland security four years ago and came back in the last few months, and i've been really struck by the structureture of privacy that has been built in. i mean, i walk past a cubicle three times a day, and it says so and so privacy officer. the privacy impact assessment, the idea of having a privacy impact assessment, the organization assess the privacy impacts of your program was foreign to us in april 2003, foreign, and i remember my
12:11 am
colleague, kelly, introducing this idea for the first time, and now, if you look at the welcomes, we've got probably a dozen privacy impact assessments just on cyber-related programs, five just on einstein program itself. these folks do training, cyber specific privacy training, outreach, advisory counsels, so i think that there are -- my point is i'm optimistic there are models that we can build upon in the privacy and civil liberties arena that could establish levels of confidence. now, we need to adopt those across the government and in private entities as well to have that embedded appreciation for the issues, but i think there are ways to proceed there. >> great. everybody on the panel, leonard, steven, laura all have something to contribute. >> brief on that question. the, for me, comes back a bit for the point i made about information and people understanding technology. i want to talk about that issue
12:12 am
as much as i can because i do pleef that the private sector does not dhi it out in front of the public on this, that they have business concerns that will drive them back from being at the bleeding edge of doing certain things. one of the frustrations we face, i mean, working closely with the colleagues at dhs, for example, several years ago, when people were very, very concerned that there would be systems that would be filtering their e-mails, you know, trying to find malicious code, things that shouldn't be there, and we spent time asking people, do you have an e-mail account? you know that spam's not getting to you, how do you think it's not getting to you? there's a lack of appreciation that the very technologies we talked about were things that were broadly implemented in the private sector, used as just baseline common sense security measures, but there's a lack of appreciation for that, and so i
12:13 am
think part of it is trying to develop a tech savvy world where people understand the way that information is normally protected, the things we normally, a matter of course, protect information, and in the appreciation for why it is, you know, different parts of this implement parts including the government. >> steve? >> this gives me the opportunity to end on a happy note. despite pitfalls you see here and this over time, the government in the private sector are working remarkably well together every day. even some of the players that you mentioned daily are working with law enforcement, with the government, and those might not make headlines, but they happen all the time. the program started in 1996, has 55,000 people in it today meeting throughout the country every day building up a type of trust. that's historic. that doesn't change based on an event here or there, the secret
12:14 am
service with the task force, dhs, working with the industrial base together with nsa's information insurance director, the csp program that dha has goes on and on, and my main point is that private sector and government are working well together. we have align for the right goals, but i don't see a problem in that regard. >> laura? >> yeah, i just want to respond, particularly to dan's points and jim's point. there's a real danger here we think by checking the box we addressed the underlying concern speaking here about privacy. we have a privacy and civil liberties oversight board, no resources, no money, and no teeth; right? the idea we have one, great. we have pias, the records notices, and we have exceptions that are routinely used by dhs and others in sense of the regard of the metric programs. we have a privacy act 40 years
12:15 am
old and no longer does what it was set out to do. we have foya with exceptions for gnarl security routinely used to deny reasonable activity. now we've seen with walton releases, and august of this year, it was release reasoning without providing too much information a joshed lying issues, and what we found out is that a secret court secretly carved out exception to the fourth amendment that the supreme court itself never recognized. you know, so when you say, well, look, we're doing a lot on privacy, it's hard not to be too cynical about it with an underlying deficit, and this is coming back to the point and your question, which is there is a problem when you have the population if you try to get buy-in from them. there's a certain amount of cynicism and concern about the level to which governance continues if you don't know what's happening in your name and what's your elected representatives are doing.
12:16 am
>> okay, two minutes left, so if anyone has app easey question? [laughter] >> the questions are always easy if the answers are yes or no. >> i hope it's easy question. it's two. one there's not an answer yet to, and that is how the liability issue that was mentioned with regard to the new frame work may play out, and i wanted to ask also about the broad community of hackers who many of whom see themselves as security researchers, who report, you know, zero days when they find vulnerabilities. i'd like to know what the panel thinks of that community. is there a place for them, a crowd sources, if you will, of vulnerabilities? what do you think? >> who wants to jump in op that? >> pick the financial sector; right? there's about 20 different laws
12:17 am
that relate to customers' privacy information. in terms of lability, there's some that's obvious. there's the fair credit reporting act, you've got the electronic transfer act, the right to financial privacy act, which is protecting information against government access, tfn consumer protection act, all sorts of ways in which liability is incurred under the regime that has to be addressed in some sort of a long-term comprehensive cybersecurity package. >> leonard? >> on the second portion, a descriptive answer. descriptively, those people are breaking the law. 1030 # aqac, fraud and abuse act, the provision for self-help or for i'm doing it really just to help everyone else. there's not a recognition under the law currently that assists those people in behaving that
12:18 am
way. there are concerns about opening up the landscape to say different parties can determine themselves. what moves they can take. what the data they can retrieve, what costs they can actually impose on others when information is taken from their networks. in part because i, you know, there's great variation in this, but anyone who suggests to you that conducting intrusion and retrieving or receiving information on a network you're unfamiliar with is simple and without risk is probably telling you something. there's great risks to doing that, and the question is if we build that into the law, are we creating a more or less resilient and secure cyberspace? many of us feel that it, perhaps is an open door to a less secure and stable environment. >> all right, jim says he has --
12:19 am
>> a tiny one. one thing to track is the cost of buying these sorts of vulnerabilities, and the guyings i know who do this say the price went up. it used to be 50k for a new one, now a 100k. the people who complain the most are researchers in china because the mps or mms comes to them and says you owe it to the state to give it to us for free at a discount, and others try to move to singapore. interesting market here, not that visible to. liability, that's, i think, it's going to be easier. we're collecting data. think of where we were, and everyone on the panel knows, we know so much more than five years ago, and we got to the point where you can say to a company that had a significant problem, here's things you could have done to reduce risk. why weren't you doing them? when that happens, you'll start to see legal action. >> all right. well, i hope everyone joins me in thanking this terrific panel.
12:20 am
thank you very much. [applause] >> thank you, administrative announcement. if you would clear the room, as you did yesterday, you could leave your personal belongings on your seat, and we will be back together in 45 minutes at one o'clock. [inaudible conversations] >> this is a tough time for nsa where may say what are you doing, or why are you doing it?
12:21 am
when we get together, we don't whine, well, maybe a couple times we wipe, but we say, it is much more important for this country that we defend this nation and take the beatings than it is to give up a program that would result in this nation being attacked. we would rather be here in prompt of you today telling you why we defended these -- these programs, than having given them up and have our nation or our allies be attacked and people killed. >> this weekend on c-span, intelligence officials defend the nsa's surveillance program in a house intelligence committee hearing. saturday morning at ten eastern. live sunday on c-span2, your calls and comments for kitty kelly, best selling author of unauthorized biographies of nancy reagan, the british royal family, the bush family, and others, noon on
12:22 am
"in-depth," remembers john f. kennedy, eyewitness accounts of the events surrounding the november 1963 # assassination. sundays at 3 p.m. eastern. >> as part of the series of hearings investigating the washington navy yard shooting, the senate homeland security committee looked at how the military screens contract employees and conducts background checks. members question officials from the office of personnel management and the defense department. this is two hours and 20 # minutes. >> good morning. the hearing will come to order. welcome one and all. on monday, september 16th, a horrible tragedy unfolded at the
12:23 am
navy yard in washington, d.c.. a very troubled individual took 12 lives in an act of violation. the circumstances that led to the tragedy are multidimensional. the issues raised by the tragedy such as the adequacy of our gun laws and equality of mental health care are outside the purview of the committee. as we learned more, a number of my colleagues and i asked each other why such a troubled, unstable individual possessed a security clearance from the united states government. why was he granted the clearance when he did not disclose the arrest record on his application? why did the investigator responsible for looking into that arrest write up the, quote, retaliated by deflating someone's tires instead of disclosing that he shot those tires? we also wonner how such violence could have taken place at the navy yard, more secure than just
12:24 am
about any workplace in our country. the navy yard tramming city is not the only reason that members of congress are questioning the quality of the dkd checks. the edwardsnowden case, of course, raises the same questions so has wikileaks, disclosures by private bradley manning. yesterday, we learned that the department of justice is joined a lawsuit against the company called united states investigation services, commonly known as aces. this is the company that performs 45% of the background investigations that are contracted out by the office of personnel management. according to the lawsuit, they engaged in a practice. the company insiders referred to as dumping. some referred to as flushing. under this alleged scam, asus sends investigations back to the office of personnel management even though they had not gone
12:25 am
through the full review process. through this dumping, they maximized its profits. many national security experts long argued that the security we have to ask whether the system is fundment tally flawed. we should also be mindful for many years both congress and the federal agencies were concerned about the backlog of security clearance applications which grew larger after 9/11. we need to make sure that investigators do not feel pressured to sacrifice quality for speed. many of heard me say that almost everything i do i know i can do better. same is true, i think, for all of us, and most federal programs. it is in that spirit we convened today's hearing. our primary purpose is to learn what we're doing right in the security process, do more of that, while also learning how we can improve it.
12:26 am
we have many questions to ask. here's some of them. are we looking at the risk factors in attempting to identify people who should not be trusted with a clearance or who should do serious harm for our government and our country? what important information do background checks miss in the current system which relies heavily on self-reporting by the individuals applying for a clearance? once a clearance is granted, what events should trigger a re-examination of suitability to retain that clearance? what problems are created by the heavy reliance by the office of personnel management on contractors to perform the background checks. what are the advantages of the relicense? what is the relationship between background checks for security clearances and background checks for other types of privileges such as access to governmental
12:27 am
facilities. we also need to ask what impacts sequesteration and years of string budgets had on the clearance process. under the current system, periodically investigations of individuals holding clearances are supposed to be done every five years for people with top secret clearances and ten years for people with secret clearances; however, because of funding short falls, employees sometimes continue to work in positions that allow access to classify information even if the initial period of clearance has lapsed. for example, this summer for ten weeks, the department of defense has been in periodic reviews of some contractor employees due to funding short falls. i like to hear from our witnesses today about how often suspensions like that are happening across the federal government. i'd also like to hear about what agencies are doing to manage risks to our security when clearances are not re-examined on schedule through the periodic review process. today, we've been joined by
12:28 am
officials from four agencies responsible for the policies and procedures used to determine who was eligible to obtain security clearance, access to government facilities, and computers. they are the office of management and budget, the office of personnel management, the office of the directer of national intelligence, and the department of defense. we want these officials to talking with us this morning about the critical, security related policies and procedures and also about the coordinated reviews of the processes now underway throughout the government in the aftermath of navy yard tragedy and other recent incidents. we will hear from an expert at the government accountability office known as gao which produced a wide body of work on security clearance process. welcome. this hearing builds on the ongoing good work of the subcommittees which held a hearing on security clearances just this past june under the
12:29 am
able leadership of senatorrers tester, portman, mccaskill, and johnson. that hearing exposed the urgent need for additional resources at the office of personnel management, to enable that ig to conduct important oversight of background investigations. in july, our committee proved a portion of the bill sponsored by senator tester and cosponsored by dr. coburn, senator mccaskill, senator port man, johnson, nelson, and senator baucus to allow the inspector general to tap into opm's revolving fund for the purpose of performing much needed oversight, and we commend senator tester and our colleagues for their good work. legislation passed the senate earlier this month. my hope is signed into law by the president soon. in closing, i want to say that the vast majority of individuals who hold security clearances are honorable and trustworthy
12:30 am
people. many of them felt calledded into service after 9/11 to help protect our country, and they deserve our thanks. having said that, though, we still must have a system that does a better job of rooting out those with nefarious purposes and those deeply troubled and up stable. that system must identify those with behavior systems, identify behavior that signals an unacceptable risk to be entrusted with classified information or access to sensitive federal facilities. i hope that our hearing today will help point us to a number of sensible solutions that taken together will truly improve our national security. timely, i think it's important to note that our committee continues to look at other aspects of the navy yard tragedy like the physical security of federal buildings as well as preparedness, emergency response, and communication issues. we got much work to do to learn
12:31 am
as much as we can from this tragedy and try to prevent similar ones from occurring in the future. with that, let me welcome dr. coburn, and i look forward to his opening comments, and then we'll talk to our witnesses. welcome. >> thank you, chairman carper, and welcome to our witnesses. first, let me extend my deepest con doll lenses to the family's coworkers and friends lost on september 16. to me, it's not a political issue, but an issue of us failing to do our job in a proper way with security cleesheses. today, gao released a report that shows some 8400 people receive security clearance while they had tax bets, which is a as a -- vulnerability, got security clearances, and the vast majority of those were top secret security clearances.
12:32 am
our process is obviously broken, not complete, and not adequate. until this year, opm did not have the means of debarring persons or those who falsified background checks for clearances. worse, ipmm's ig recommended 22 individuals received no answers on 14 of the cases formed that the other eight would not be debarred. something is very wrong. it's unlikely that a stricter clearance process would have prevented a deranged individual from committing murder, but this event should be a catalyst for congress to fix the way the country categorizes, handles, and grants access to sensitive data. two problems. one, there's way too much stuff classified that doesn't need to be classified, and number two, there's way too many security clearances approvedded. if you markettedly increase the amount of material that doesn't need to be classified, you have to increase the number of people
12:33 am
that need to have access to it. we have to address both problems. i look forward to going through the comments today and with our panel of witnesses to get closer to the real answers, and chairman carper, thank you for holding the hearing, and i appreciate the work of senator tester. >> i thank you. i'm going to ask senator tester just before we turn to the witnesses to make comments as well, and, again -- >> yeah, i'd like to thank you, thank you, chairman carper, and i want to thank dr. coburn for the leadership on this issue as well. it was four months ago when we had a hearing after the snowden leaksment senator portman and i and steven lewis and others were a part of the pam. thank you for being here today as well as last time. in my opening remarks, i said given the fiscal security stakes involved, we have to get it right, and there was no mar gyp for error. the fact was we knew then as we know today we need to make immediate reform of the process,
12:34 am
there needs to be more transparency, more oversight. the outcome of that hearing was a bill that the chairman talked about, introduced by myself as well as portman, mccaskill, johnson, and coburn, that provision of that legislation known as the score act subsequently passed the senate, when senate signed it into law, it's going to bring better oversight to the background investigations conducted by opm, and its contractors, but there are two other proversions very, very important that we need to get across the finish line that dealt with the issues that senator coburp talked about with a number of security clearances given and, quite frankly, another issue that deals with what we do when we have a company that screws up and screws up some regularity, it is too important, and we saw that with the attacks on september 16th when 12 good men and women
12:35 am
left for home as they did most every other monday morning within a couple hours, no warning, no motive. killed by a map with a a history of mental illness, violence behavior, and a criminal record, a man who was cleared by our government through a contractor as someone who should have access to this nation's most secure facilities and sensitive information. look, there are real life consequences for failures within our government, and we need answers, solutions, action because quite frankly, the men and women who rely on that action deserve no less. thank you, mr. chairman, for having this hearing. it would seem to me that it is critically important that we act as first timely and as thoughtfully as possible to get this problem solved because it is obviously a problem and a big
12:36 am
one. >> thank you, and thanks for your leadership and your good work and that of senator portman and others who joined you. we now turn to our panel, and introduce each of our distinguishedded witnesses. first witness is the honorable joseph jordan, add min streeter of the office of federal procurement at the office of management and budget. who do you report to? >> i robert to the newly confirmed deputy director. thank you. >> got her through quickly. thank you and others and senator johnson and others, and john cornin was helpful in expediting and got her through in record time. >> appreciate it. >> she has a top leadership team there. we expect a balanced budget in two years. [laughter] first witness, joe jordan, welcome, from omb. confirmed as administrator for federal procurement policy in may of 2012. he's responsible for developing
12:37 am
and implementing government contracting policies and senior leader and former adviser to the omb directorment he'll speak to the role in the security clearance process. again, we thank you for the testimony and for your service. next witness is elaine caplain, the acting director of the office of personnel management, a position she's held since april of 2013. i understand she's been confirmed for a new job; is that true? want to tell us what it is? >> confirmed to be a judge op the united states court of federal claims. >> any of us vote for you? >> some of you did. [laughter] >> all right. >> the others were clearly mistaken. [laughter] >> congratulations. thank you for doing double duty here in the last six months and taking this on, and to our colleagues woo were good enough to find a way in supporting a -- confirm the director, thank you
12:38 am
for your support. at z acting director, ms. kaplin oversees services ensuring the federal government has a work force that's worthy of the public trust by investigating and reviewing applications for security clearances and by performing background checks to determine whether a person is suitable for employment by the federal governor or federal contractor. thank you for your testimony, for your leadership, and always once, and good luck in what lies ahead. next witness is -- ryan -- letti? >> [inaudible] >> yeah, and assistant directer in special security director at the office of director of national intelligence. he served in this position since may of 2013 after serving at the central intelligence agency from 1981 to 2013. as the assistant director of
12:39 am
special security director, he's responsible for leading the oversight and reform efforts of the security clearance process on behalf of the directer of national intelligence. we thank you for that, and we thank you for all of your service to our country and for joining us today. next witness is steven lewis, the director, deputy director for policy for industrial and physical security policy and office of the undersecretary for intelligence at the department of defense. the under secretary of defense for intelligence is responsible for dod's policies, programs, and guidance related to, among other things, personnel and facility security. mr. lewis, we thunk for the testimony today, and we are delighted to note, i mentioned dr. coburn, his daughter, sarah, who, for a number of years, was my scheduler, told me where to go every day with relish, and i usually went there. not always on time, but we
12:40 am
welcome both of you and sarah. as the assistant director for special security director, you are responsible for leading the oversight and reform efforts of the security clearance process on behalf the director of national intelligence. i think i got out of order there, but that's okay. i wanted to say, steve, steve, my understanding is that the secretary for the defense -- secretary for defense of intelligence is responsible for dod policies, program, and guidance relating to, among other things, personnel, information security, all that broad realm? >> yes, we do. >> all right. how long have you been doing this? >> six years now. >> all right, thank you. final witness is brenda ferrel, director of defense capabilities and management at the government accountability office, and in april of 2007, she was appointed to serve as director in gao's defense capabilities in management team responsible for military and civilian personnel
12:41 am
issues including personnel security clearance process issues. she's authored several gao reports critiquing efforts to reform the clearance process. we thank you for your testimony today, and earlier before senator tester's committee. in turning it over to mr. jordan for remarks, we had a short conversation before the hearing began, and i don't think you were present, but what i said to the witnesses, the colleague, and guestingses, i said what we're trying to do here is figure out, what is the role of government? what is the role of government? i quoted abraham lincoln who used to say the role of government is to do for the people what they cannot do for themselves. david, more recently said in a book called "reinventing government," the role of government it is to steer the boat, not the load the boat. we have to figure out better what is the role of government, what kind of steering to we need to do, and who should be doing
12:42 am
the rolls, and how do we make sure we steer better, whoever is doing the roling, who is doing a better job as of late. all right, mr. jordan, you have roughly five minutes to give a statement, go beyond that, we rain you in, but stick to that, and we'll be just fine. thanks so much. >> thank you. chairman carper, ranking member, and members of the committee, i appreciate the opportunity to appear before you today to discuss the government's practices and procedures regarding security clearances, facility access, and suitability determinations. before i begin the testimony, i want to say a few words about the events that occurred on september 16th. on behalf of the administration and my colleagues here today, i want to extend our deepest sympathies to all those affected by the tragedy. while nothing brings back the loved ones who died that day, it's clear that collectively, we need to do a better job of securing our military facilities in deciding who gets access to
12:43 am
them. i, and my fellow witnesses take this responsibility incredibly seriously and are committed to the effort. i also wanted to note that to assist with addressing the full -- >> mr. jordan? >> yes? >> sorry to interrupt. you have seven minutes so take seven. >> okay, thank you, mr. chairman. >> you can take less, but try not to take anymore. [laughter] >> i shall. [laughter] i also wanted to note to assist with addressing the full spectrum of needs of all individuals affected by the tragedy, there's the washington navy yard recovery task force led by the assistant secretary of the navy for energy, installations, and the environment. as government officials, our highest duty is to protect national security including the confidentialty of classified information. we have an obligation to protect individuals performing work on behalf the federal agencies from workplace violence. in recent years with congress' help, we took a number of important actions to strengthen protections of both national
12:44 am
security information and the physical security of federal facilities such as improving the echtiveness and improvements and strengthen processes making national security and suitability determinations. we have to ensure the processes and the processes for granting or revoking access to systems fully mitigate risks. we have a multisector work force comprised of military, civilian, and contractor personnel. we worked to ensure robust policies and processes are applied to all individuals with access to federal facilities, networks, or classified information in a consistent manner. this approach reflects two important principles. first, the need to protect our national security is no less critical when the work is performed by contractors than performed by federal employees. second, the men and women who make up the contractor work force are no less patriotic than the government counterparts, and, in fact, there's been meaningful careers as federal employees or arm forces. we made significant progress in the area of suitability
12:45 am
clearance and process reform. we have to do more. in 2004, congress passed the intelligence reform and terrorism prevention act which required all agencies to complete 90% of the security clearances in an average of 60 days. as a result of actions, the executive branch has taken to meet the goals and objectives of the act, by december 2009, compliance was achieved. we have consistently met the goals every quarter since maintaining standards expected of the clearance process and the backlog of initial investigations have. eliminated. importantly, executive branch reform efforts extended beyond meeting timeliness goals. in order to aline suit the and national security policies and practices and to establish enterprise information technology standards to improve efficiency and reciprocity, we established the suitability security cliewrns performance counsel chaired by the deputy directer for management and accountable to the president for reform goals. as a marker of the significant progress made, in 20 11, gao
12:46 am
removed the personnel program from the high risk list. however, we recognize the serious nature of recent events and will cons to intensify the efforts to strengthen and improve our existing policies and processes. to the end, the president directed omb to lead a 120-interday review of suitability and security processes. for suitability and fitness, the review focuses whether the processes in place accurately identify correctly, or indicate danger to the workplace. the focus on national security risk determines eligibility in granting access that leads to loss of classify information and damage to national security. additionally, we will evaluate the means to collect, share, process, store information that decide, and among equity shared across agencies. as part of the efforts, we'll also be considering opportunitying to improve the application of the standards and
12:47 am
procedures to contracting ged 24ing just one example, em proved information sharing between agencies suspending and debarring officials, and the offices responsible for making determinations for fitness and security clearances. the first meeting is next week, and it will be a review process. additional means occur over the coming weeks and fully an tis palet the review completed within the 120-daytime frame. again, thank you for the opportunity to testify. as i noted in the beginning of the testimony, there's nothing more important than the two goals of protecting our people and protecting our sensitive information. we've steadfastly worked in a collaborative mapper to improve processes and procedures to ensure safety of both. as recent tragic events highlighted, however, we have to maintain a strong focus on continuous improvements and heed the president's call to conduct a comprehensive review and address my potential gaps in the most effect iand quickest manner possible. we look forward to working with the committee and congress as we undertake this important work. >> thank you so much.
12:48 am
>> chairman, ranking member, and members of the committee, thank you for asking me to be here today. the events that occurred last month were horrifying and heart breaking. twelve civilian employees, civil servants, and members of the contract work force were ruthlessly gunned down. all individuals were doing what millions of the colleagues in the federal work force across the country do every day, coming to work to serve the american people, put food on their table, and provide for their families. as the acting director of the office of personnel management and the federal government's chief personnel officer, i share your commitments and that of the president to identifying and addressing the root causes of this terrible tragedy. i also share your commitments in that of my colleagues seated at this table to perfecting to the greatest extent humanly possible, our processes and procedures to determining who shall be allowed access to the nation's secrets, granted the
12:49 am
privilege of serving in a position of public trust, or given permission to enter federal buildings and facilities like the navy yard. to those ends, since 2008, opm, omb, dod, and odni worked diligently together on reform efforts to ensure there is an efficient, aligned, high quality, and cost effective system for conducting background investigations and making determinations regarding security clearances, employee suitability, and contract of fitness. we have made great progress as reflected in the written testimony of the witnesses at this table, so as mr. jordan mentioned, we eliminated the backlog of security clearance investigations that in and of themselves posed risk to the national security. we have reduced the time it takes to complete such investigations to meet the deadlines congress established. we have imposed reciprocity requirements for greater efficiency, issued new investigative standards we are now preparing to implement. we have end happened professionalized the training of
12:50 am
investigators and adjudicators, and we have worked together to implement g parks o's very helpful recommendations by designing and iminnocently deploying a new set of agreed upon metrics that we can use to measure and drive up the quality of our investigative products. at opm, we impolicemenned a new quality control measure and have an aggressive program to hold investigators to the highest standards of integrity and to ensure that their work products is something on which federal agencies should be able to rely with confidence. we have overhauled and improved processes for reviewing the work of the investigators, increased oversight staff, and retooling our audit process. we do not tolerate fraud or falsification, actively look for it, and in the few cases where we find it, we take immediate administrative action and work as we have with the ig and department of justice to pursue criminal sanctions against those who betray the trust that has been bestowed upon them. of course, much hr remains to be
12:51 am
done, even the highest quality and most comprehensive background investigation is just a snapshot in time. the evolution of the security clearance process has to include the ability to obtain and easily share relevant information on a more frequent or realtime basis. you also need to improve the capacity to receive information in machinery to perform and share information across the federal government and with state and local law enforcement. at the president's direction and under the leadership of the directer of omb, opm has been and will continue to work with its colleagues on the performance accountability counsel to conduct the 120-day review of the oversight, the nature of implementation of national security, credentially, and fitness standards for individuals working at federal facilities. our review focuses op steps that can be taken to strengthen the processes and implementation of solutions. the tragic events at the navy yard as well as recent high profile security breaches highlight the need to be ever
12:52 am
individual lant in ensuring individuals entrusted with access to classified information and more generally individuals with physical access to federal facilities and information do not present a risk of harm to the national security or to the safety of our employees and our workplaces and to the end of improving our processes and procedures. i thank you for the opportunity to testify regarding all of these issues, and i will be happy to answer any questions you might have. thank you. >> thank you for that. actually, for those encouraging words. please proceed. again, thanks for joining us. >> good morning, chairman carper, ranking member, and distinguishedded members of the subcomet. thank you for the invitation to provide information on the government's practices and procedures regarding security clearances and background investigations. my statement addresses the role of the directer of national intelligence known as the dni. as a security executive agent,
12:53 am
authorities and responsibilities for oversight of the security clearance process across the government in areas in need of attention in the current process and initiatives underway to address those areas. before i follow, i would like to make the comment that we also add our deepest sympathies to the family members for their loss and our commitment to work towards to continuing to improve the security processes and access capabilities of the united states government. pursuant to executive order 13467, the dna, the security executive agent, is responsible for the development and oversight of effective, efficient, uniform policies and procedures governing the timely conduct of investigations and adjudications for eligibility for access to classifieded information or eligibility to hold a sensitive position. they are a time authority to designate agencies to conduct background investigations and determine eligibility for access to classified information and
12:54 am
ensure recognition of investigations and adjudication determinations among those agencies. i'd like to focus on two components of the process, the background investigation and adjudicated determination. the 1997 federal invest gaitive standards amended in 2004 are the current standards used to conduct background checks or investigations. these checks are required prior to making determinations for eligibility for access to classified information or eligibility to occupy a sensitive position. the scope of the background investigation is depended upon the level of the security clearance required regardless of the type of clearance involved. identified issues have to be fully investigated prior to adjudication. adjudicated determination is based upon adjudicated guidelines issued by the white house in 2005. decisions made clearing the
12:55 am
whole person concept, a careful weighing of available, reliable information about the person, both past and present, favorable and unfavorable. recently, two highly public and critical events involving individuals with clearances highlighted areas in need of attention in the current security clearance process. dod and dni in collaboration with the colleagues here, omb, opm, dod, and other federal partners has been leading security clearance reform now for several years. although the efforts are a work in progress, when mature, they mitigate gaps and enhance the national security posture. under current policies and practices, individuals' continued eligibility for access to classified information relies heavily on a periodic reinvestigation. essentially, a background investigation and adjudication conducted every five years for a top secret clearance and every ten years for a secret
12:56 am
clearance. the time interval between periodic reinvestigations leaves the u.s. government uninformed as to behavior that potentially poses a security risk or counterintelligence risk. continuous evaluation known as ce is a tool that will assist in closing this information gap. ce allows for ongoing reviews of an individual with access to classified information or in a sensitive position to ensure that that individual continues to meet the requirements for eligibility. ce, as in end visioned in the reform security process includes automated record checks of commercial data bases, government data bases, and other lawfully available information. a number of pilot studies have been niche initiated to assess feasibility -- excuse me -- of automated record checks and utility of publicly electronic information. research is required to assess research impacts and determine the most effective practices. a robust ce capability will also
12:57 am
support and inform the insider threat programs. we have to build an enterprise wide ce program that promotes the sharing of trustworthiness, eligibility, and risk data within and across government agencies to ensure that information is readily available for analysis and action. another area in need of attention is consistency and equality of investigations and adjudications. the revised investigative standards when implemented provide clear guidance on issue identification and resolution. in addition, the odni, opm, and dod cochair working groups developing common standards and method ricks to evaluate background investigations for quality and comprehensiveness. furthermore, the odni hosted a working group to refine the adjudicative guidelines and recommendations regarding these guidelines are in the policy development phase. another initiative supporting a
12:58 am
more robust security clearance process was the development of the national training standards which were approved in august 12 by the dni and directer of opm for implementation in 20 # 14. these standards create uniform training criteria for background investigation -- excuse me, background investigators, national security adjudicators, and suitability adjudicators. additionally, omb, odni, and opm are working to revise standard form 86, the questionnaire for national security positions to improve the collection of accurate information pertinent to today's security intelligence concern. as a final note, for the president's directive, omb is constructing a review of the security and suitability process. as such, dni, opn, and dod review policies, processes, and procedures related to the initiation, investigation, and adjudication, and background
12:59 am
investigations for security, suitability for employment, and fitness to perform on contract. in closing, i want to emphasize the dni's resolve to lead initiatives discussed today and continue to have collaborative efforts established with dod and obm and federal partners. thank you for the opportunity to update the committee at this time, and we look forward to working with you on these matters. >> thank you for the update, and we look forward to hearing from mr. lewis. >> good morning, distinguished members of the committee. i appreciate the opportunity to appear before you today to address the practices and procedures of the department of defense regarding security clearances and background investigations. ..ersecretary of defense for intelligence, dr. michael vickers, is the principal staff
1:00 am
assistant to the secretary and deputy secretary for security matters. in this capacity dr. vickers exercises his authority as the senior official for d.o.d.'s personal security program and has primary responsibility for providing and improving guidance, oversight, and development for policy and procedures governing civilian, military, and industrial-based personal security programs within the d.o.d. in order to address the department's personnel security policies, i believe it's important to first identify the national level policy framework. executive order 13467 designates the director of national intelligence as the security executive agwith t si >> this directs the security agent to develop uniform policies and procedures to ensure effective completion of investigations and determinations and eligibility for access to classified information were to hold national security positions.
1:01 am
this includes reciprocal acceptance of those determinations. in addition the executive order designates the director of the office of personnel management as the suitability individual with responsibility of developing many uniform and consistent policies and procedures regarding investigations and adjudications and determinations of eligibility for logical and physical access to federal government installations and systems. finally, the executive order creates accountability councils chaired by the deputy director of management and omb and the director of opm with responsibility to align security and the adjudicator processes.
1:02 am
with regard to the oversight roles within the dod, the heads of the components are responsible for establishing and overseeing implementation of procedures to ensure prompt reporting of significant derogatory information and unfavorable administrative actions and actions related personnel. this needs to be provided to appropriate officials within their component and as applicable to the dod consolidated adjudications facility. this responsibility applies to military service members and dod civilians and contractor personnel. under the national industrial security program, contractors are required to report adverse information coming to their attention regarding their cleared employees and in addition, the defense security service is responsible for conducting oversight on classified contracts for 26 other federal departments and agencies to use dod industrial
1:03 am
security services. the department has worked very hard to create improvements that have produced greater efficiencies and effectiveness in the phases of initiating and adjudicating the background investigations and as a result, in 2011 the government accountability office moved the personal security clearance program from the high-risk list and we have used multiple initiatives to review and confirm the quality of the investigative products and the quality of our adjudications and the accuracy and complete lists of the documentation of the adjudicative rational, which is the basis for these determinations. and this helps to support our oversight as well as the process and reciprocity. in addition we have implemented a certification process for the dod personal security adjudicators and over 90% of these adjudicators have certified to rigid standards and
1:04 am
ultimately it is a condition of employment that each adjudicator will complete this certification process. in may of 2000 welcome the deputy secretary of defense use all resources except for the dod intelligence agencies at fort meade, maryland, under the direction and command and control of the director of administration and this decision was made in order to maximize efficiencies realized by the facilities and under the 2005 race realignment and closure and effective on october 1, they assumed responsibility to adjudicate the background investigations, which are the basis for the issuance of common access cards used for physical access to the dod installations and to access the dod
1:05 am
information systems. thank you for your time and i look forward to answering your questions. >> we thank you, sir. great to see you, welcome, brenda. >> rating member, chairman, members of the committee, thank you for this opportunity to be here today to discuss the federal government's personnel security clearance process and let me briefly summarize my written statement for the record and to some extent what is already been conveyed here today and it allows for access to classified information on a need to know basis and recent events such as the unauthorized disclosure of classified information has shown that there is much work to be done by federal agencies, as you noted, to help ensure the process functions effectively and efficiently so that only trustworthy individuals hold security clearances. over the years the gao has
1:06 am
conducted that has given us a unique historical perspective. my remarks today are based on a report issued from 2008 through 2013 on the personal security clearance program and government wide reform efforts and my main message today is the quality and quality metrics that needs to be built into every step of the clearance process and in my written statement is divided into two parts. the first addresses the overall security clearance process and multiple executive branch agencies are responsible for different steps of the personal security clearance process that includes one determination of whether a position requires the clearance. plus applications of submission and investigation. number four is adjudication and number five is possible appeal and for example, in 2008,
1:07 am
executive order 13467 designated this as the security executive agent and as such they are responsible for developing policies and procedures to help ensure the efficient and timely completion of background investigations and adjudications relating to determinations of eligibility for access to classified information and in turn executive branch agencies such as dod determines which of their positions, military or civilian contractors require access to classified information in which employees must apply for and undergo and this includes most of the government. they provide the resulting
1:08 am
including making the decision as to whether or not the person is eligible to hold a clearance. in 2012 we reported there were two issues with the process, determining which require access to classified information and we reported that security executive agency had not provided agencies clearly defined policies and procedures to determine if a position requires a clearance or established items to require agencies to review and validate existing federal civilian positions and we recommended that the dni concurred with the recommendations i am pleased to say that they and opm have actions underway to address the recommendations and we will continue to monitor their actions. the second part of my statement addresses my extent to which the
1:09 am
executive branch agencies have metrics to determine the quality of the security clearance process and for more than a decade, the gao has emphasized the need to build and monitor quality throughout this personal security clearance process to promote oversight and positive outcomes and maximizing the likelihood of individuals who are security scrutinized more closely. for example, the gao reported in 2009 that with respect to initial top-secret clearances and adjudicated in july 2008, for dod, documentation was in complete for most investigations and this includes making decisions with the required information, such as certification of the applicants and employment and we also
1:10 am
estimated that about 12% of the 3500 reports did not contain this. this includes federal investigative standards in order to include the documentation. as of august the 2013, opium had not implemented this recommendation and this is due to the significant progress in reducing the amount of time to process the clearance in steps of the dod had taken to help ensure the quality of the adjudication process and that kind we noted these efforts
1:11 am
underway the opm investigation that was provided and unfortunately these efforts have not been realized. the progress that was made was used without the committed and sustained oversight in the executive branch leadership. further actions are needed now to oversee quality of the process, including background investigations. >> after i asked some questions, the doctor will be recognized.
1:12 am
>> i would appreciate very much your formal testimony to which we especially feel good about? >> i think the collaboration between opm and the other agencies has improved over the years. and this includes the chair that has helped provide the most
1:13 am
notable improvement we have seen is with the processing of additional personnel security clearances at the top-secret level and we have stated this over the years that we do not want to see the processing of the clearances at the expense of the quality of the investigations. >> work is in progress and you just talked with us about what of some of the most important aspects are in with the thought of how we can be most helpful in expediting network that is in progress. >> i think the work that the agencies are doing to reap investigate the standards is
1:14 am
very important in this gets to the heart of what we are saying about quality for the background investigations in particular and are we obtaining the right available information from the right sources, is a complete, is a reliable. so i think revisiting this and this includes the standards that we have as well, which are very important to the process. >> this includes everything of that information. >> the second half of my question, ma'am has to do the timeliness. >> the timeliness issues and
1:15 am
also at that time, the intelligence reform act of 2004 required an annual report to congress to meet the final goal of process and clearances and this includes interim step for the executive branch to meet that 60 day goal. an annual report reflected information to help make sure that they were meeting those interim goals and if they weren't needing them, what could they do make a course correction to continue that significant progress. there is a sunset clause on that annual reporting and we have not have the remainder of the reform efforts and so i think that this may be an area with continued
1:16 am
congressional hearings meet the goals. we mentioned the metrix in may of 2010 and several of the leaders signed a memo, noting that these are those that we have under development that we are planning to put into place and get investigations and reciprocity and many that we have noted with the exception of timeliness and this is something that we would like to understand why not and what the plan was in may of 2010. >> i would like to talk about the quality control and this
1:17 am
includes the united states investigation of services and the company that has been contracted out by the of personnel management. these reports it would not yet complete this practice in this lawsuit comes on top of all the questions that have been raised in this includes that of edward snowden and what should give us any faith in this current history. >> i appreciate the question. and i certainly understand it based upon the reports and as you mentioned, senator, he contained very serious
1:18 am
allegations of contract fraud arising out of 2010 and 2011 and we have been aware of these allegations since the complaint was filed in july 2011 and have been working closely with the doj to implement changes that would address this nature would not continue in this includes what the allegations could be. we understand that the contractors have an obligation to conduct their own investigations. in this includes our own quality reviews of the investigations and what the allegation is here is to move cases more quickly and that is a real problem, obviously with the allegations that are substantiated because
1:19 am
this includes quality review and it's a real problem because we rely upon their quality reviews in order for us to be able to move the investigation along more quickly and we like them to capture the issue and i will say that it's cold comfort, but the cases were also subject to opium quality review before they were passed on to the agency and not being that being said, we have done a number of things as we became aware of what the allegations were and with respect to opm, we have significantly increased government personnel performing oversight by increasing these levels and realigning our internal fax. we have increased on-site inspections, including the comparison than the requirements
1:20 am
of the contract and we have increased the frequency of the cases closed by the contractors. this includes anomalies and we have and we are currently in the process of the support services contract which is precluding a concern that there might be collusion between the support staff and field investigation and that was a recommendation the recommendation of our inspector general. a lot of things have occurred. >> my time has expired and i was being respectful with my colleagues.
1:21 am
>> there are new integrity standards and there has been a lot of changes. >> thank you. >> thank you for your testimony and i kind of see this as a multitude of problems and i have mentioned in my opening statement about how we over classify this, which is a problem for the american people because that means that it is not transparent. sitting on the intelligence committee, i get to see what his secret and top-secret and one of the other things that i've seen in five different instances is people who are also doing the
1:22 am
adjudication. so we have an absolute conflict of interest in terms of separating authorities and responsibilities in five areas in the clearance process. and we have the same person adjudicating in the same from adjudicating what was clear in what was investigated and we have three different instances and so we have clearances and now we have 8400 people that don't follow the law when it comes to taxes.
1:23 am
[inaudible] and we have the defense department that is making a good way to go. so what is the answer? and the other has to be using data that is available and for $20 you can get 90% of the information on the internet and we pay $2400 per top-secret clearance.
1:24 am
>> per top-secret, yes, i believe. >> over $90 you can find out a good portion of this stuff right now. that way too many people have to have clearance and also how we are doing it is not utilizing the data that is out there today >> it looks to me like no one ever cross-reference that with the irs. no one ever checked to see if that data was accurate and already we did a computer check.
1:25 am
so my question to you and my final point is this. creating expectations that is tentative on the basis of you having some kind of renewal and not knowing when that is going to be, the cia used to have random polygraph tests and i can pass any polygraph test and you won't ever know it. so the fact is that we need to create an environment where we lessen the number of people that need a clearance and then we made to create the expectation that you'll be randomly checked and this includes the details that are difficult and i'm not saying that it's not difficult.
1:26 am
>> we all laid out where we are, but how do we resolve a? we have all of these areas and then 21 pages of one activity and an eight pages on financial records on five pages on associations and the point is what we want to do is go for the gold.
1:27 am
and we rely on this as much as we can data, that the government already has out there. are you amazed at 8400 people have the ability to indulge in top-secret data and they have cramps crimps us for that and does that bother anyone here? and that puts us at risk. and i think that this is a question that everyone has. the contractors are doing the adjudication and that would be a really bad system and it's done by the agency that is granting the clearance.
1:28 am
that is an inherently governmental function. >> the clearance process is not just the adjudication but the investigation. and so that should only be performed by government employees, but the question of information will be part of it.
1:29 am
so continuous evaluation is a very important piece, the automated records check building out our capabilities they there, it's very important building efficiency and effectiveness for the system and then making sure we are constantly looking at all the processes for initiation through the investigation and the adjudication and the ongoing basis to make sure that we address any gaps or weaknesses as quickly as possible. and we have about 5 million people with security clearances has such monumental consequences that we need to make sure that we do everything we can to make sure this doesn't happen a second time.
1:30 am
>> what is the answer to that? and they said what is the comment and we have been working in the potential oversight and in that is determining if a physician has access to classified information. .. tradeoffs could be made. there's a misperception often that security clearance follows the person. it doesn't. it follows the position so as
1:31 am
we've noted, there has been a lack of guidance in that area. we did work at d.o.d. and d.h.s., components within both of those departments. we found some components took initiative to revalidate existing positions and some did it one time and had no plans to do it again. some never did it. so from a personnel security clearance process view, that very first step is very important to make sure that the position does require access to classified information. that's where those types of questions could be asked. what is that classified information? if you overclassify, then you overclassify positions, then it starts to snowball affect of having five million people -- snowball effect of having five million people have classified clearance. >> just quick note. i did a little bit of math. i hope i did this right.
1:32 am
if there are 8,400 people out of the 4.9 million people that ave clearances, that's about .16% of people that owe government money. hopefully they are on a repayment schedule. we don't know. hopefully they are. 40% of those ron repayment schedules. that means about .1% owed government money, they are not on repayment schedule. that's not good. compared to what? compared to the 99.9% that have a clearance who don't owe the federal government anything on taxes, so -- >> would you yield for a minute? >> sure. >> it raises the question, it's not about a percentage. if you're not following the law in terms of paying your faxes, why should you have a security clearance at all? whether you got a payment plan or not? you have not complied that we expect every other american
1:33 am
citizen to comply with and you have a security clearance? to me it begs the question, you're not up to date on your taxes, you're no longer have a clearance, period. i mean, it's creating the right expectations is my thought. >> go ahead. the other thing i say, i spent 3 years of my life as active in reserve duty flight naval officer. if i said people say this is people that is overclassified, this is an age old problem. we have to look at this again and again and say do we really need to classify, so that's a ask. uestion to senator ma cass kill and others, -- mccaskill and others, we recognize. >> i think the bigger issue of taxes paid is taxes paid is
1:34 am
pretty basic. what else is going on out there that's slipping through the cracks on security clearance because taxes, that's right in front of our face and we're missing that. mr. chairman, just to follow-up with senator coburn's comments. i think we have pushed through this committee the revolving dollars to be made for more transparency, more audit, more accountability. the house committee passed that. i would encourage you to do what you can do with your counterpart over in the house to make sure the full house takes that up because it's critically important. there are two pieces of that bill that senator portman, senator mccaskill, senator johnson and others are part of, plus some others, that deals with accountability and it deals with the number of clearances that are out there. i think we should push to try. negotiations are going on, but you have to set a level of expectation. i think that's what that does in part. i want to follow up a little
1:35 am
bit on what chairman carper alked with you, elaine, on the d.o.j. suit that was filed in 011, july, and we were told by o.p.m. that there wasn't problem with uses. and there's a suit out there that doesn't look very good to me, and now we're finding out that o.p.m. is probably going to get onboard or maybe going to get onboard or is getting onboard. what's going on? it looks to me quite frankly that there's a real disconnect here between what the contractors are doing and what the expectations what the contractors to do and people are dying because of it. we're losing critical information because of it. i mean, the list goes on and on. o what -- what's going on?
1:36 am
>> thanks for the question. i am not aware of anyone at o.p.m. saying there's no problem with uses. i do know that because of the fact that this complaint was under seal we were unable to talk about the complaint. and now we can talk about the complaint, which i think is a good thing. and i think what we have tried to do, as i was explaining to senator carper before was -- and this started before the complaint became public and it's been over the last several years is to address and to rectify the problems that are revealed in these allegations in this complaint which was under seal. as i mentioned, we did many things at o.p.m. to prevent this from happening again. this is contract fraud. a failure to do quality reviews that they were obligated to do under the contract and there have been many, many changes made at uses as well. many changes that involving the whole new -- new staff at the
1:37 am
top. compliance office, internal audit, all sorts ever things that have given -- >> when were those changes made? >> those changes have been made over the last two years. since the allegations in the complaint, and we've been working with our i.g. on it and with the justice department. we feel the allegations are certainly very disturbing, and what we've tried to do is address the underlying concerns without speaking publicly about them. >> and so you guys -- and i'm not an attorney, but they have been sealed. you've known what's in the charges, you just can't talk about it publicly, is that correct? >> i can tell you right now -- in fact, you can go online probably -- >> i don't care about now. i want to know about july, 2011, were you guys aware of what the charges were? >> we knew what the allegations were in the complaint. however, working with the justice department and our i.g., we were, you know, advised, of course, not to discuss it because that was a matter -- >> that's fine.
1:38 am
i guess the question, 60% of the background checks, right? >> 50%. >> three companies that do the contracting, so they're doing the lion's share of it? >> yes. >> was there any oversight, additional oversight given as of july 1 on the work that they were doing, how often was it done and by the way, are those kind of metrics used on all of them? because quite frankly, when money is involved, there are some folks that don't give a damn about the product and they just want to make the money. >> yeah, i mean, that's a good question. i mean, what we've done -- and it's not just oversight of uses because we have. other contractors and we have federal employees quite frankly that do the work too. they need to be watched. >> what determines what background checks go to uses -- those guys do some things particularly well and other things not so well or do you dole them out like a deck of cards or what? >> i don't think it's like a deck of cards. i actually don't know what -- i will get an answer to you on that question. i suspect it's based on the
1:39 am
location of the investigation buts not that they dot top secret and -- >> i believe it was you that talked about quality metrics. i might have been brenda too. what determines what background checks you guys look at to see if they're done appropriately? >> we look at all of them. we look at each background investigation. >> so you look at alexis' background check? > yes, we did. would you like me to talk about it? >> the information is out there. the naval record alone should have brought up some red flags. what you're saying is two folks missed it. uscis missed it and the contractor missed it. >> to be clear, i would have to say that based on our own view, and i believe also odni's review of the investigation, yes, we missed something for sure.
1:40 am
but we did what was required. >> multiple somethings. >> o.p.m. -- we need to look at each part of this. we did the investigation in 2007 and it was for secret clearance. there are certain protocols and standards to a secret clearance, not a top secret clearance. we conducted the investigation that was required by the investigative standards and it was so having gone through quality control, both at uscis and o.p.m., we would have passed that investigation because it complied with investigative standards. now, what we're looking at right now in the context of the review and what we have been looking at is, well, are the standards up to snuff? should we be required to get police reports, for example? should we be required to get mental health information even from someone who has a secret as opposed to top secret clearance? all these things need to be looked at. it was not in our view a case of malfeasance on the part of the contractor.
1:41 am
we believe the contractor did what they were supposed to do. >> senator coburn obviously knows what to look at because he had the thick file. if you don't like at police reports and you don't look at what al background and -- do you look at? >> we did look at criminal background. with the secret clearance is there is an f.b.i. check. we get the f.b.i. database and they reveal arrests. it does not reveal the disposition of cases that are handled at the state and local level. and so the f.b.i. record revealed that mr. alexis had been charged and arrested for what was called malicious mischief and under the existing standards, our job or the job of the contractor, in this case, was to go out and find out what the disposition of that charge was and to find out more information about the charge. now, some have questioned now why o.p.m.'s investigators did not go get a police report. well, the reason that a police report was not obtained was
1:42 am
because, you know, there were like 1,700 localities, law enforcement jurisdictions. they all have different rules about what they're going to supply to us. in this case, we had experience with seattle. seattle did not provide police reports and they have their own good reasons, i'm sure. but -- so what we were referred to by seattle was the state database. the state of washington, their court records and that's where we went. that revealed that mr. alexis was charged with malicious mischief but the charges were not -- >> i appreciate. i'm over time. can i ask you when you guys do an oversight, look at how many do you find a problem with? >> don't have that information but i can get it for you. if there is a problem, we fry to get the contractor to fix the problem, for example, if it's incomplete. and then if there is a problem, if the adjudicator looks at our
1:43 am
information, they ask us to do more work. >> this is -- we could be here all day and we probably should be here all day. it's important. thank you. >> thank you. >> thank you, mr. chairman. i want to thank you for holding this very important hearing. let me just follow-up as to what senator tester said. as i understand it, so in the case of mr. alexis, o.p.m. did actually go to the seattle police department to get the underlying police report? >> no. we did not because we do a lot of these investigations and our understanding was that seattle didn't make that kind of information available. they routinely referred us to the state of washington database and that's where we went. >> so we didn't try to get the underlying police report, we just -- the decision of o.p.m. was that we've dealt with seattle in the past, they won't give us a report? >> well, there are certain -- our tpwhration is to try to find out the disposition or if
1:44 am
there have been charges and it was not as though we decided we're not going to make an effort here. we based upon the fact in the past -- and this occurs with other jurisdictions besides seattle. they'll refer us to another database. you know, that is what they did. we did not go in this particular case and say, you'll depart from your policy. in is again something that we need to take a really close look at and we are going to be looking at as part of the president's review because it is problematic, certainly, there was this information on -- written on a piece of paper somewhere that we didn't have access to. >> yeah. i find it actually incredibly shocking that we wouldn't pursue a police report in any of these arrest situations because the nature of the charge, looking at the underlying police report, having been a prosecutor, can tell us very different information and a prosecutor may not have the elements to make a particular charge and the disposition may tell us nothing. but seeing prior behavior here
1:45 am
where aaron alexis, getting a police report would have flagged a very different set of conduct for anyone looking at that. so i believe we do have to change that. and if that comes to understanding with law enforcement across the country, i would be shocked having worked with so many police officers that they wouldn't be willing to have a -- have an understanding with the federal government on this, given what's at stake for the country. you know, one of the things that concern me also is i heard the discussion between -- between you and mr. tester was this issue of the uscis lawsuit and in 2011, coming before the committee, i wasn't a member of the committee then but the fact that these -- this suit was sealed and as a result of consultation with justice, you didn't feel because of the sealing of the suit that you could share that information. i understand you have to go to justice for advice on these
1:46 am
issues, so i'm not being critical of you on this. but what i would be critical of is why wasn't there -- this seems to me a core issue of oversight that the committee would need to know that was the subject of the sealed suit, that now we're seeing obviously ome of the consequences of part of this being with uscis. with snowden and what we're seeing in other cases. it really troubles me that this would be sealed. was there any discussion about -- with justice of how this is a very important piece of information that the committee really needs to know sdem because i have a problem that justice wouldn't have gone to the court and taken action. having been a prosecutor myself and try to explain there is a separate duty here but the congress needs to be aware of information and needs to protect the country and i think this is part of a bigger issue. i want to get your thoughts on
1:47 am
that. did you come subsequently and update us as soon as you could once this thing was unsealed? >> i'm here today. it was just unsealed two days ago. >> ok. fair enough. >> so in other words, it was sealed for two years? >> well -- and you know, i'm not an expert in this. and thank you for calling me judge even though i'm not a judge yet. appreciate it. and i'm not an expert in this. this is a false claims act case. they have a very special treatment because somebody comes forward as a whistleblower and then the government has -- they keep it under seal because the government wants to decide whether to intervene in the case. >> right. >> and so i think that's the reasoning behind the sealing. >> so understanding that there are obviously different rules regarding false claims -- this is a different issue. we have to get to the bottom of this so this committee isn't waiting a couple years later while this decisionmaking is ongoing in the government when there's a critical issue with a contractor that needs to be addressed. i believe this is an important
1:48 am
issue we have to get at. >> if you would yield. i think the real question is, now you have this problem out there, the response i would say is, why weren't we monitoring quality assurance on our contractors to begin with and what have we done since then to monitor quality assurance on the -- the three contractors that are out there doing it? >> that's a fair question. with respect to what we were doing before, i've been told that actually we were sort of hot on the heels of this around the time that the complaint was filed because we were starting to notice that the quality reviews were being done either too much by one person or too quickly and so we had already made inquiry with uscis but obviously we didn't catch it quickly enough because it occurred. and so what we've done since then is we have focused more, as i said before, on those reports to enable us to find
1:49 am
anomalies before -- you know, when the problem is occurring more quickly, and we have beefed up the staff, the federal staff that's working on those matters. and we -- at the same time, uscis has made many, many significant changes in the way that they operate. and so there have been a lot of changes made. with respect to the question about not being able to talk about it, in some ways it was very frustrating to us as well. >> i can imagine. >> looking at things in the newspaper and unable to, you know -- but i think you'd have to ask the justice department more about it. i think they believe in is required by law. >> thank you. i think obviously that's something we need to work flew so we're not in this situation in the future. i believe ed to ask, -- -- ture letty prioletti, it would provide one
1:50 am
of the issues i see in all of this is an issue that we rely -- we rely too much on self-reporting, particularly after we granted a clearance, and our bill is fairly straightforward in that we would -- there would be two random audits conducted. as i understand your testimony, you have talked about this idea in your testimony of -- automated record checks. yet, you say there's more research required. i don't understand how, if it we don't have some random checks and we're relying totally on self-reporting, that frankly people's lives change dramatically and can change in five years' time in a we will have a system that really verifies that people maintain their clearance status, so i wanted to get your knotts on that. >> thank you, senator. what i was referring to is we do automated record checks at this time or electronic record
1:51 am
checks. all the agencies do it. for example, when director kaplan referred to the police checks going to the electronic record checks to get in a information, there are ongoing processes such as that going on right now. what i was referring to is with continuous evaluation as an expansion of that into more areas that include internal government databases as well as external, both government and commercial databases, some of the specificity i can't get into in today's current environment in this proceeding here, but what we're talking about is building the enterprise wide. in other words, have an automated records check ability, continuous evaluation, whether it be several times over a five-year period or whether it be more frequently than that, that can serve both the united states military, serve the intelligence community as well as serving the nontitle 50's.
1:52 am
what we have done is we had a c.e. -- continuous evaluation -- working group that was made up of i.c. members, o.m.b. had representation. o.p.m. had representation and d.o.d. had representation. and what we did is we created a concept of operations in a is now ready for testing that takes a level of checks and balances that are high enough to satisfy the requirements of top secret s.c.i. organizations such as the i.c. but also reasonable for the expectations of an n.t. -- nontitle 50 organization or some fert other organizations. that's a very you touchy balancing act to make sure we have enough checks. but it's an expansion on what's currently done. there are national agency checks, police checks and financial checks for the secret level clearances.
1:53 am
some databases, which include classified information and some that do not as well as the commercial databases. the area that i think your most concerned about is the social media or publicly available electronic information and that's where the research is being done, senator. we have to find that balance between the civil liberties and privacies of a u.s. citizen versus national security interests. that's where we're doing it. i do not have, as a representative of d.n.i., the luxury of going into a social media or publicly available database, pull information out of there and submit it as being the truth. the government has a responsibility and obligation to the citizens to ensure that information is true and accurate before we use it in an adjudicated process. >> i know my time is up. i can tell you obviously when our teenagers go online and get important information on social
1:54 am
media and that yet we're not going to use it to find out that someone is involved in something, i think that's -- that's a little hard to believe. we need to take a commonsense approach to this. so my time is up. i also think we need to have random checks on people instead of relying on their own self-reporting. >> senator. thank you. senator heitkamp. >> thank you. i think this is such a critically important response and quick response to this horrible tragedy and i hope that the family members take some comfort that we, too, share their concerns. i've read this report and i can tell you honestly as somebody who used to do background checks for people involved in gambling in north dakota, if you were going to get paid minimum wage to deal black jack, he would not have passed that background check. he could not have dealt black jack in north dakota. but yet he had a clearance that allowed him to come onto a navy
1:55 am
base and do serious, serious human damage. and so it's really frustrating. we're all frustrated here with this process. i completely appreciate your privacy rules, but when you apply for this clearance, you waive your right to privacy. and every parent on this panel who deals with social media knows if you want to know what your kid's doing, go out on social media. you may think that it doesn't have the veracity of a court record, but i can tell you, somebody who has looked at court records repeatedly, doing background checks, it certainly does. and a picture is worth 1,000 words. it's heartbreaking. so we take this one example. and i always fear that one example does not prove the case, but we've got multiple examples now of where we failed in the clearance system to actually ferret out people who would do damage to co-workers, murder co-workers but also damage to our national security. and so this is a very broad
1:56 am
issue and very important issue. i want to talk about self-reporting. and i want to talk about the consequences of not self-reporting. i was quite honestly shocked, because i'm new to this committee and new to looking at government security clearances, the huge number of people in this country who have these clearances. i mean, in is a big group to manage, right, we'd all agree with that. so obviously random checks are critical and important part of this and you sigh that from the bill in a we introduced. but we need to make the self-reporting more effective as well. so i want to know if all those millions of people who have these clearances how many of them have ever been discharged from the government for failure to self-report? >> we can get you that information. we don't have it with us. >> how -- in your database, how would you know that information? >> well, if, for example,
1:57 am
someone fails to report, do you mean on their form, they are deceptive? >> either lying on their application or failure to report after a serious event that occurs after the clearance? >> we will have to get you that information. the latter is certainly grounds for revoking a security clearance and the failing to report or being dishonest when you feel out your form is something the adjudicator would decide to grant a clearance in the first instance. >> with all due respect, if you're not checking local police records, you have no guarantee that when somebody checks the box and says they've never been arrested that they're telling the truth. >> with respect to that, there's never a guarantee, but we don't just take their word for whether they've been arrested. we do an f.b.i. check. and the f.b.i. database receives reports -- probably more familiar with that than i
1:58 am
am, frankly. will spit out if they've been arrested. it requires work on a state-by-state basis or local jurisdiction to find out what the disposition was. remember, we're talking in his case about a secret clearance. if there was a top secret clearance, there would be more extensive investigation going on which perhaps would have uncovered the gun part of this and maybe other things. speculation. this is a secret clearance. >> if i can just take it one step further, we are talking about revoke the clearance. what about requiring that employment be terminated? is that -- is that one of the things that you're considering in looking at going forward, that this person obviously for contractors that's a tough call? but certainly for government employment, to me it's not enough to just revoke their clearance. i think that it should be prima facie, a case that you now lose your job. there has to be serious consequences for not reporting.
1:59 am
there has to be serious consequences for lying. and we have to look at the number of people out there who are not currently self-reporting. because even random checks cannot solve this problem. there has to be true consequences. and so i'm interested -- anyone in the panel, about how we're going to amp up the penalties for employees not self-reporting. >> you know, that's absolutely what we're looking at as part of our 120-day interagency review. both the piece that you are talking about where are there any gaps in the self-reporting rtion versus an active reinvestigation period would address, that's in scope. what is the information that we collect and, you know, measured against 13 adjudicated standards and does it all flow right, that is all part of this. and then the accountability. here are currently significant penalties for, you know, lying or not reporting adverse information. yes, it includes revocation of your clearance.
2:00 am
you mentioned contractors. an agency can, you know, suspend or debar the contracting firm. if they think it's just a problem with an individual, they can direct that that individual not work on that contract or you can suspend or debar the individual. and we're looking at all of the accountability measures for both federal employees and contractors to make sure that only the people who should have access to our facilities and our sensitive information do at any given time, not just when they're cleared. >> you know, just human nature being what it is, if simply saying, well, there might be a consequence or -- the point that i'm getting at is a mandated, this is going to happen if you don't self-report. and mr. contractor, we don't know this. it's your job to help us enforce. it is your job to report back to us, and if you don't, black mark on you. you won't be a government contractor very long. and so that's -- that's the level at which i have passion for this issue, that we should


disc Borrow a DVD of this show
info Stream Only

Uploaded by TV Archive on